CVE-2025-7517

EUVD-2025-21248 | HIGH 7.3 (CVSS 3.1) | 2025-07-13 | [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline (4 events)

Analysis Generated: Mar 16, 2026 09:18 (vuln.today)
EUVD ID Assigned: Mar 16, 2026 09:18 (euvd), EUVD-2025-21248
PoC Detected: Jul 15, 2025 18:34 (vuln.today), public exploit code
CVE Published: Jul 13, 2025 05:15 (nvd), HIGH 7.3

Description

A vulnerability, which was classified as critical, has been found in code-projects Online Appointment Booking System 1.0. This issue affects some unknown processing of the file /getDay.php. The manipulation of the argument cidval leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Analysis

CVE-2025-7517 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, specifically in the /getDay.php file's cidval parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, and exploitation requires no special privileges or user interaction, making it an immediate threat to deployed instances.

Technical Context

The vulnerability exists in a PHP-based web application (Online Appointment Booking System) that processes user input through the /getDay.php endpoint. The cidval parameter is insufficiently sanitized before being incorporated into SQL queries, allowing attackers to break out of the intended query context and execute arbitrary SQL statements. This is a classic CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component, 'Injection') vulnerability specifically manifested as SQL injection. The root cause is the failure to implement prepared statements or parameterized queries, instead concatenating user-controlled input directly into SQL command strings. The affected CPE would be cpe:2.3:a:code-projects:online_appointment_booking_system:1.0:*:*:*:*:*:*:*.

Affected Products

Product: code-projects Online Appointment Booking System
Affected versions: 1.0
CPE: cpe:2.3:a:code-projects:online_appointment_booking_system:1.0:*:*:*:*:*:*:*
Vulnerable component: /getDay.php
Vulnerable parameter: cidval

Remediation

Patch (priority: CRITICAL, timeline: Immediate)
Upgrade to the next available patched version beyond 1.0. Contact code-projects for patch availability or check the official project repository.

Code-Level Fix (priority: CRITICAL, timeline: Immediate if a patched version is unavailable)
Replace all SQL query construction in /getDay.php with prepared statements using parameterized queries.
Example (PDO): $stmt = $pdo->prepare('SELECT * FROM appointments WHERE id = ?'); $stmt->execute([$cidval]);
Example (MySQLi): $stmt = $mysqli->prepare('SELECT * FROM appointments WHERE id = ?'); $stmt->bind_param('s', $cidval); $stmt->execute();

WAF Mitigation (priority: HIGH, timeline: Immediate temporary measure)
Deploy Web Application Firewall rules to detect and block SQL injection patterns in the cidval parameter (e.g., single quotes, UNION, SELECT, OR 1=1). This is a temporary measure only.

Input Validation (priority: HIGH, timeline: Immediate temporary measure)
Implement strict whitelist validation for the cidval parameter: if it should be numeric, reject any non-digit input; if it should match a specific format, validate against that format before use.

Network Isolation (priority: MEDIUM, timeline: Immediate temporary measure)
Restrict network access to /getDay.php to trusted IP ranges or require VPN authentication if the endpoint is not intended for public use.

Monitoring (priority: HIGH, timeline: Immediate)
Enable SQL query logging and monitor for suspicious patterns (UNION, SELECT, comment sequences) in the cidval parameter. Alert on multiple failed queries or unusual database access patterns.
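As an added illustration (not code from code-projects or from this advisory), the following constructed PHP shows the concatenation pattern the Technical Context identifies as the root cause next to a hardened handler that applies the Input Validation and Code-Level Fix items together. The table and column names (appointments, cid, day) and the in-memory SQLite demo data are assumptions; the real application's schema is not on this page.

```php
<?php
// Added example, not the project's own code. Table/column names are assumed.

// Pattern the analysis describes as the root cause: the cidval request
// parameter is concatenated into the SQL string, so the database parses
// user-controlled text as part of the query itself.
function getDayVulnerable(PDO $pdo, array $get): array
{
    $cidval = $get['cidval'] ?? '';
    $sql = "SELECT day FROM appointments WHERE cid = '" . $cidval . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened version: whitelist the parameter as a positive integer first,
// then bind it as a typed parameter so the value can never alter the
// structure of the statement.
function getDayHardened(PDO $pdo, array $get): array
{
    $cid = filter_var($get['cidval'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    if ($cid === false) {
        http_response_code(400);   // anything that is not a valid id is refused
        return [];
    }
    $stmt = $pdo->prepare('SELECT day FROM appointments WHERE cid = :cid');
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Stand-alone demo against an in-memory SQLite database with constructed rows.
// On MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so binding happens
// server-side rather than in the client library.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE appointments (cid INTEGER, day TEXT)');
$pdo->exec("INSERT INTO appointments VALUES (1, 'Monday'), (2, 'Tuesday')");

var_dump(getDayHardened($pdo, ['cidval' => '2']));         // one row: Tuesday
var_dump(getDayHardened($pdo, ['cidval' => '2 OR 1=1']));  // fails validation: []
```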

Priority Score

57 (scale: Low / Medium / High / Critical)
Components: KEV: 0, EPSS: +0.1, CVSS: +36, POC: +20


CVE-2025-7517 vulnerability details – vuln.today
